Hi All,
We have 3 following remove entitlement operations configured as we have a requirement that if a reviewer decides to remove entitlement and if that is the only entitlement user is having then connector should delete the application account.
- Remove Entitlement - Get User Details
This operation is to get User’s account details before triggering the actual remove entitlement operation, as Remove entitlement API expects body as a complete account object with the requested entitlements. We could have done this in before operation rule but we already have a complex rule written for authenticating the API. - Remove Entitlement - Removes the entitlement
This operation gets the user detail response from above operation and sends the body to actually remove the entitlements. - Remove Entitlement - Delete Account
This operation checks the if user has any entitlement or not, if not then delete the application account
Issue:-
If user has 3 entitlements and reviewer decides to revoke all 3 in one go, connector is removing the entitlements and deleting the account but account activity shows remove entitlement failed with error as “User Not Found 404 error”. I am suspecting that connector again triggers the 1st remove entitlement operation and fails over there.
If user has 3 entitlements and reviewer decides to revoke one by one, it works fine, and upon final entitlement removal operation connector deletes the account without any issue.
Can someone please help to understand how the remove entitlement operation is actually getting triggered.